
Lead System Architect Resume Profile


Austin, TX

SUMMARY

  • Fifteen (15) years as Lead System Architect specializing in e-strategy, IT Governance, Security Policy, Strategic IT planning, portfolio analysis, quantitative benchmarks, conceptual design, performance targets, and architecting robust, highly available security integration solutions; particularly skilled at integrating Identity Access Management, Portal, Content Management, Web services (XML-RPC/SOAP based on WSDL, HTTP-API/REST based on WADL), XBRL, LDAP, Enterprise Security/Public Key Infrastructure, and Web Single Sign On suites into large, complex, diverse technology environments. Strong technical writing skills, strong communications skills, and tolerant of ambiguity, frequent change, and unresolved situations. Ability to analyze complex problems, quickly assess situations, collect data, establish facts and draw valid conclusions. Ability to prepare and present concise reports and presentations to Senior Management.
  • Strong hands on technical knowledge of but not limited to Tivoli Identity Management ITIM , Tivoli Access Manager TAMeB , Tivoli Directory Integrator TDI , TAMOS,TAMESSO, IBM's Websphere Portal, Websphere Commerce Server, Ms Sharepoint Portal, Lotus Connection, LDAP IBM TDS, Oracle Internet Directory, MS Active Directory, SunOne Directory Server, Lotus Notes/Domino NAB, etc , Content Management OpenMarket, Ms CMS etc , SAML 2.0 for TFIM, Cross Domain Single Sign On CDSSO e-Community Single Sign On, Identity Federation using WS-Federation SAML security Assertion Markup Language / WS-Federation active requestor profile SOAP enable apps /passive requestor profile Browser , ADFS, Public Key Infrastructure Ms Cert Server, VeriSign Now Symantec , RSA, IBM Key Manager/GSKIT, Managing Key Store, Trust Store, SSL Cert, JAAS Module, JCC Module JCA/Cryptographic Module etc , J2EE, UML, MDA, OOA/OOD, MS IIS, SunOne Apps Server, WAS/WASND, Websphere MQSeries /JMS/MDB, Ariba Digital Marketplace, CA Siteminder, EDW Cognos, IBM/Ascential Data-QualityStage , RDBMS IBM DB2, Ms SQL,Sybase, Oracle and ERP PeopleSoft, SAP, Oracle Apps 11i Suite

SKILLS

Languages / Programming Frameworks

Java/J2EE/JSP/Servlet/JNDI/JMS/RMI/IIOP/EJB/Message Bean/Session Bean/JDBC, JavaScript, Log4J, JACC Java Authorization Contract for Container: pdjrtecfg , JAAS Java Authentication Authorization Services , ASP/ASP.Net/Net-framework/VBScript/VBA/VB.Net/WebPart, ColdFusion, XML/DTD, HTML/DHTML/XHTML/XSLT, CSS, Oracle PLSQL, SQL/Stored Procedure, XPATH/XML DOM/AJAX/DOJO/XHR/IFRAME/JSON/FLEX/AIR, SAML 2.0/BPEL, REST-Based API, Web 2.0, Web Service Security Framework, Identity Federation using WS-Federation SAML or WS-Federation active requestor profile SOAP enable apps /passive requestor profile Browser pdjrtecfg, svrsslcfg/bassslcfg/mgrsslcfg, LTPA, TAI TAI

Tools

Ms Visual Interdev/Visual Studio 6/Visual Studio .Net 2003, RAD 6, Adobe Dreamweaver, WebSphere Application Server, WebSphere Edge Server, Ms FrontPage, ColdFusion Studio, CA Erwin 3.5/4.1, Tools for Oracle Application Developer TOAD , SQLPlus, Oracle Designer, Oracle Fusion Middleware, Ms Visual Sourcesafe for version control, ACAD AutoLISP/.Net API layer

Security Software

Tivoli Identity Manager 4.6 / 5 / 5.1 TIM 5 Cert OP : TIM runcfg/dbcfg , Tivoli Access Manager for eBusiness 5.1 / 6.1 TAMeb 6.1 Cert OP: Webseal, pdadmin, Policy Server, Policy Proxy Server, Authorization Server, WPM , Tivoli Access Manager for Operating System 5.1 / 6.1,TAMESSO 6 , Tivoli Website Analyzer, IBM Tivoli Directory Integrator 6/7 incl: TDI Server TDI CE Config Editor/ Runtime version, TDI Connector list: Rest Server, LDAP, text files/csv, DB, JDBC, HTTP Server, DSMLver1/DSMLVer2 , Microsoft Cert Server , RSA Securid , RSA CA Keon , RSA Access Manager / Clear Trust, RSA Remote Access Service , IBM IKeyman, IBM GSKit , VeriSign Currently Symantec Managed PKI Service, TLS SSL, Cisco SAFE Blueprint: Cisco Pix FW, Cisco Application Control Engine ACE , Ms ISA Server, Cisco Router, Cisco Intrusion Detection System

Web-Related

WebSphere Application Server 5.x / 6.x: pdwascfg , WAS Edge Server , WAS ND , Messaging POP/SMTP , IBM HTTP Server/Apache, Tomcat, IIS 4.x / 5.x / 6.x , Sun Java System Apps Server , BEA Weblogic, Oracle Apps Server , Oracle Fusion: Oracle Identity Manager, Oracle Access Manager, Oracle SOA Manager, IBM Datapower SOA, External Web Orchestration SSO: CORBA, Federated Identity Manager, SAML 2.0, WS-Federation active / passive requestor profile, SOA/Web Services, WebSphere Feature Pack for Web 2.0/REST API

LDAP

IBM Tivoli Directory Server IDS: idsldapsearch, idsldapadd, idsldapmodify, idsldapdelete, idsldapdiff, ibmdirctl, ibmslapd , SunOne Directory Server SunOne ldapcompare, ldapdelete, ldapmodify, ldapsearch, searchrate, LDAP Admin console , Ms AD ADSI/ADFS, ADAM, AD script: dsquery, dsadd, dsmod , Oracle internet Directory, Novell NDS, Softerra LDAP Browser, OpenDS

Database

MS SQL Server 7/2000/2005, MySQL, MS Access, Oracle DB 8i/9i/10g, DB2 UDB 8/9.5, Sybase 8/9, Lawson on AS400

Operating Systems

Linux, Windows NT/2000/2003/2003 R2, HPUX, UNIX, AIX, Solaris, UNIX Shell scripts Ksh, Bash

Package Software

Cognos Powerplay/Impromptu/Upfront 7.1, Ascential DataStage/Quality Stage 7, Oracle Apps 11i, OpenMarket, Ariba Digital Market 7 Place/Buyer Side/Sales Side, Ms CMS .Net 2002/2003, Vignette, OpenMarket, WebSphere Portal Server 5.02/6.xx, Websphere Commerce Server 7,Ms SharePoint Server, Lotus Notes, PeopleTools PeopleSoft, TIM, TAMeB, TAMESSO Provisioning, Netegrity/CA Siteminder , Lotus Connectors 2.5 especially on TDI AL Rest API, Blogs, Tagging, Chats: AIM-Lotus Sametime Chat, IChat, RSS, Instant Messaging, Wikis

Methodology Framework

Arthur Andersen Rapid Application Development Framework RAD Frame , Arthur Andersen Architected Solution A3S , Arthur Andersen IT Audit, Risk Assessment Risk Management methodology ISO31000 , Arthur Andersen Project Management Framework, Arthur Andersen Change Management/Change Enablement Framework, IBM Security Framework, Cold fusion Fuse box Methodology, Struts, CISCO SAFE Blueprint, TOGAF, OOA/OOD, JSR 168/268, Design patterns, Scrum, RUP, UML, Spring, Hibernate, Ant, Log4J TDI logging engine , Agile methodology

EXPERIENCE

Confidential

Lead System Architect

Responsibilities

  • Architecting HHSC enterprise-scale migration from ITIM 4.6 to ITIM 5.1 and TAMeB 5.1 to TAMeB 6.1 (all in Solaris 64-bit version). ITIM end systems are: TAM Combo Adapter / RMI / ITDI Dispatcher-based, WebSphere Portal, Cognos, MAXe CHIP, MAX IE, MAXe Perinatal, ARP-Deprovisioning, ITG (HP Project Portfolio Management 7.5), Mailbox Data feed Push, TIERS MOR IPT, TIERS Security Service. TAMeB back ends are: IBM WebSphere Portal (on TAI), Cognos EDW, Infosphere Data/QualityStage 8, Ms SharePoint, Oracle and custom web-based apps on form, basic and GSO lockbox authentication, all under Solaris 10 Virtualization Technology (Solaris Zone File System, Whole Root)
  • Lead and collaborate with +/-10 team members from HHSC, Northrop Grumman (NG) and IBM for the clustered ITDS implementation (Master-Replica) of HHSC's integrated user repository system. This includes migrating ACLs, modifying schema/attributes, managing extensive ITDS replication agreements and enabling cn=changelog for monitoring ITDS replication performance. All Solaris/UNIX user IDs are managed centrally in clustered SunOne LDAP
  • Architecting ITDI 7.0 Assembly line design for synching audit data createtimestamp, modifytimestamp, etc of SSP LDAP and STP LDAP instances in ADROC WINTERS datacenter using Remote CLFC and Server Admin Control -k J OID 1.3.18.0.2.10.15 . These LDAP Clusters are distributed LDAP containers across Custom Develop Apps, WPS Portal repository, Ms SharePoint Portal, Cognos EDW, Oracle, NG Helpdesk/Footprint, NG LDAP/SunOne LDAP, Web Seal, and Identity Management.
  • Design and implement: Cross Domain Single Sign On (CDSSO), failover WebSeal cluster and highly available POC, DEV, SIT, UAT, PROD, and PROD-Fix environments. Track browser-based session cookies, especially PD-SSL-SESSION-ID, LTPAToken, AMWEBJct, OHSPort (for Oracle SSO-based cookies), and JSESSIONID (Oracle Fusion Middleware Apps Servers), using Rational HTTP Header/WebSeal snoop, and implement TAM SMS (Session Management Server) for server-side session management.
  • Deploy VeriSign Now Symantec Public Key Infrastructure for Web Seal, IBM HTTP Server, WAS, TDS, UNIX ssh/sftp, ITIM, ITIM Adapter SSL Infrastructure using DAML, TAM Policy Server, TAM Authorization Server, TAM SMS Server including creating SSL-based Junction -t ssl c K 'CertLabel' D 'CertDN
  • Design and implement ITIM 5.1/TAMEB 6.1 performance tuning using resource allocation, IBM DB2 Buffer Pool, TDS Indexing, Websphere optimization and runstat / reverse scans. Create itemized performance test and stress test based on simulated request. These projects are government sponsored program for Food Stamp, TANF, TIERS, Lone Star Medicaid and 9 other programs across State of Texas Area.

Confidential

Responsibilities

  • Architecting enterprise-wide standard Identity Access Mgmt incident logs, Investigation procedure, Support SLA Service Level Agreement , PDG, root cause analysis, fix patch on a complex UNIX environment to provision CWI's employee/supplier's accounts. ITIM End systems are: Ms AD, TAMeB, Linux, HP-UX, AIX, and Lotus Notes. TAMeB Back end are: Custom web based apps on form, basic and GSO lockbox authentication
  • Lead +/-5 team members from CWI and Encodeinc
  • Perform audit and weekly log management for problem resolution/ action fix patch, escalation and security SOP deployment to comply with HIPAA standard. Notify line managers of any new accounts which their staff have, any transfer to or from their team, and asks them to re-certify their access and roles recertification

Confidential

Responsibilities

  • Architecting 2nd phase SAD Solution Architecture Document for TCP's automated Identity/Access Management Role Based Access Control. Target ITIM end systems are: Ms AD, Lotus Notes, TAMeB5.1/ IBM Websphere Portal and Lawson HR on Oracle DB on AS400.
  • Designed and developed a robust ITDI Assembly line to pull custom attributes from Lawson and Lawson EXT on AS400 and pass them to IBM Directory Server LDAP/DB2 for ITIM 4.6 Role Based Access Control ACL managing TAMeb, WebSphere Portal and custom Lawson HR apps on AS400 iSeries
  • Customized FESI1.1 Script for porting ITIM entitlement workflow add-modify TCPPerson/SupportPerson/account activation/deactivation request , account recertification for advanced RBAC, EmergencyID automation and TAMeB integration to TIM 4.6
  • Deliver Identity and Access management Standard Operating Procedure for complaint management, problem determination guide, root cause analysis and security audit SOX 404 for overall IT Security dept
  • Automate TheChildrensplace TAMeB Integration with ITIM and Websphere Portal using ITIM Windows services daemon that run every 5 second and detect changes in ITDS LDAP custom attributes
  • Lead and collaborate with +/-10 team members from TheChildrensplace, IBM and Encodeinc

Confidential

Responsibilities

  • Architecting McKinsey's Identity Access lifecycles and complex provisioning automation from: New Hire, LOA Leave of Absence , Termination, rehire which will be triggered after 30 days, roles changes algorithm, LDAP attributes update, Ms AD account cleanup, account recertification including notes id files distribution creation , KNOWPortal access exception workflow, and assembly line for ITIM/TDI attributes subtraction and data feed from PeopleNet. ITIM End Target system are: Ms AD, Notes
  • Lead IDCP migration Mckinsey custom develop access, Identity certificate management Portal to a secure, robust, n-tier and scalable IBM TIM 4.6 with complex business rules, workflow, TDI automation to provision accounts in Ms AD Lotus Notes NAB LDAP for Firm Members, Alumni, and Contractors
  • Managed complex McKinsey LLP Role based access control using IBM TDI assembly line, LDAP customization and ITIM RBAC automated provisioning for Sarbanes Oxley 404 / ISO 27000 Series
  • Lead and liaise with +/-20 team members from McKinsey, Alumni, McKinsey sub con and Encodeinc

Confidential

Responsibilities

  • Architecting n-tier BCBS Identity Access Mgmt solution consisting of web tier, middle tier, LDAP tier, DB Tier etc in a robust BCBS infrastructure. Target end system are: Oracle Apps11i, AD, Lotus Notes
  • Responsible for design review, application / security / network layer design, hardware sizing, technical specification, coding guidance, project proposal and estimated man-hour for IBM TIM 5 implementation ITIM hardware sizing tools integrate with various complex system of bluecross blueshield including IBM WPS Portal, TAMeB and bcbs custom applications using ITIM Adapter Development tool ADT , ITIM Graphical Configuration Tools GCE for HIPAA compliant
  • Responsible for Analysis, problem gathering, Solution Design Solution Arch Doc/SAD phase and quality assurance to make sure all system comply with HIPAA SOX standard

Confidential

Responsibilities

  • Architecting enterprise-wide KPMG Identity Access Management migration from TAMeb 5.1 / ITDS LDAP 4.1 to TAMeb 6.0 / ITDS LDAP 6.0 using bulkload, ldapdiff, ldif2db/db2ldif, and db2 backup/db2 restore. Estimated accounts managed: +/- 1,000,000 users worldwide, including the KPMG and Bearing Point disaster recovery site, which integrates with IBM WebSphere Portal, Ms CMS, Ms SharePoint and other KPMG custom back-end application servers
  • Manage migration of WebSeal KDB, STH, CSR using VeriSign Certificate for +/-30 WebSeal servers, including migration of junctions and ACLs, reconfiguration of LDAP failover, log collection program, enabling audit log for TAM Auth server, reconfiguring Policy Server, etc. This migration is part of the KPMG Enterprise Public Key Infrastructure initiative
  • Solved ITIM WAS clustering problem on 1 node related with JMS/MQ, and redefine clearly interrelation amongst ITIMDB Table ACTIVITY, PROCESS, PROCESSDATA, PROCESSLOG , LDAP attributes, XML repositories correlate with: Account attribute entity changes, Dormant Account, Non-Compliant Account, Policies etc for KPMG internal Audit SOX 404 compliant. Extract ITIM XML data using custom XPATH/XDOM application and populate to customized audit report
  • Lead and liaise with +/-20 team members from KPMG, IBM and Encodeinc

Confidential

Responsibilities

  • Architecting Enterprise wide Fujimed's Identity Access Role based access control RBAC and TDI HR feed from Domino HR System of Record SOR , with ITIM target end system: MS AD and Lotus Notes which is accessed from Employee Self-signed portal Custom develop apps .
  • Lead +/-5 team members from Fujimed and Encodeinc
  • Generate IAM automation : HR Feed based on Alphabetical chunk of person name A-E,F-J,K-O,P-T,U-Z , rehire new user with old employee id , Old hire-new hire, last name change because of change of status using eraliases etc, schema violation detection, vulnerability assessment, penetration and policy enforcement for IT audit, risk assessment, and QA for overall Fujimed's HIPAA security compliant
  • Architecting Fujimed custom LDAP attributes objectclass fmperson , ITIM attributes form schema customization v3.modifiedschema cn schema on ITIM Directory Information Tree and pull the attributes using DSMLv2 HRfeed for robust ITIM automatic provisioning policy entitlement

Confidential

Responsibilities

  • Architecting TIM 4.6, TAMOS 6.0, and TAMESSO 6.03 Integration. Target ITIM end system: Ms AD, HPUX, Solaris, AIX, Linux, and PeopleSoft Peopletools Adapter for PeopleSoft's HR Self-service Portal, Ms SQL, Sybase SQL, and Oracle DB. Managed backend TAMOS system: HPUX, Solaris, AIX, and Linux. TAMESSO managed system: Custom Windows apps VB , Custom SunOne/Ms/WAS-web based Apps Mainframe based apps RACF/ACF on Host on Demand. TIM, TAMOS and TAMESSO is integrated into one solution
  • Lead +/-10 team members from CarMax, PeopleSoft and Encodeinc
  • Perform vulnerability/penetration test, risk identification, quality assurance for integration touch point amongst TIM/TAM/TAMESSO to PeopleSoft, Ms AD, HPUX, AIX, Solaris, Linux, Oracle, Sybase, Ms SQL Server, and Mainframe based apps RACF/ACF on Host on Demand
  • Wrote TDI assembly line for HR Feed from ADP PeopleSoft on Oracle as employee data source to ITIM LDAP repository

Confidential

Responsibilities

  • Architecting Enterprise-Wide Identity Access solution complex robust integration. ITIM target end system: Ms AD, Lotus Notes, TAMeB5.1/ IBM Websphere Portal and Lawson HR on Oracle DB on AS400. TAMeB junction apps: Store Apps Custom application , IBM WPS Portal, Lawson Employee Self-Service Web based . TIM TAM are both integrated
  • Design robust ITDI automation Windows daemon for: developing custom Emergency ID, detect orphan TIM account using TDI code, extend additional LDAP Attributes, automate Operator login to TAM, disable account automatically for emergency id after 24 hrs, design on Who enable the emergency ID, develop Incident ID Ticket system, develop 'Support Person' extension of inetorgperson , develop entitlement Workflow approval: Todo List, email notification, design Who enable the Support Person, develop Hack Incident ID , suspend specific account based on attributes changes, put Timestamp on each activities, develop TDI to scan LDAP attributes changes
  • Implement Lawson HR Data feed to ITDS LDAP and migrate from Perl Script using DSMLv2 to TIM
  • Lead +/-10 team members from TheChildrensplace, IBM and Encodeinc
  • Perform technical specification server spec, JSR 168/268 , TIM/TAMeB/ITDI integration and automation architecture, IT assessment, and IS Security Strategy for overall Phase 1 TheChildrensplace Security automation SOX standard

Confidential

Responsibilities

  • Architecting Enterprise-Wide single sign-on Access Management security using: IBM TAMeb 6.0 POC for countrywide's custom Portal infrastructure integrate with Microsoft AD as LDAP,CWInsider, Domino Web Access DWA , AS400 Host on Demand, KnowledgeNet, Nextance BEA Weblogic , Marketing Scrub Tool asp/aspx apps , CWInsider Project Office Ms SharePoint , Domino DB custom apps, and PT Central custom CF application
  • Lead and collaborate with +/-20 team members from Countrywide, IBM and Encodeinc
  • Perform risk identification, vulnerability penetration test for Countrywide's IS Security Standard SOX compliant for Portal, Access ACL , Identity and Integration area

Confidential

Responsibilities

  • Architecting robust n-tier Access Management clustered solution on ksh/AIX HACMP cluster
  • Reviewing best practices , risk identification, contingency disaster recovery specification for complex Identity Access management architecture within data center clustered environment, integrating: IBM WebSphere Portal cluster, IBM TAMeB cluster, McD Metadirectory solution connecting to Meta Master/Replica on ITDS LDAP, TAM AMCd Master/Replica, TAM PolicyServer Master/Replica, Oracle DB, SOF Custom Apps , and Psync Active Passive Custom Apps .
  • Quality assurance on cn=changelog delta implementation in a clustered ITDS LDAP environment.
  • Perform failover audit risk assessment for clustering, failover and security hardening solution for overall McD IT identity, access, security public key infrastructure strategy
  • Lead and liaise with +/-5 team members from McDonald, ACS and Encodeinc

Confidential

Responsibilities

  • Architecting highly complex, highly scalable Identity Access Mgmt solution across all KPMG data center around the world and migration from Netegrity/CA Siteminder eProvisioning API custom KPMG Identity Management apps . End systems for ITIM are: Ms AD, Notes, and TAMeB/WPS Portal. Junction TAM Backend are: Ms CMS, Ms SharePoint, WPS Portal, TIM, Custom apps mostly using Basic/Form/GSO lockbox, Web Server plug-in for BEA/IIS/libCUrl C API and AM.Net dll library . TIM and TAM are integrated
  • Integrate ITIM 4.6 TAMeB, IBM Websphere Portal, Ms CMS and several KPMG custom apps on Microsoft SQL 2005 Ms Active Directory incl. Ms AD DIT ADFS design as main LDAP metadirectory solutions
  • Responsible for the Analysis, Design, and Build phases, including Project Management/Quality Assurance, leading and liaising with +/- 20 team members from KPMG and Encodeinc
  • Build security integration architecture amongst clustered IBM Websphere Portal, clustered TIM clustered TAMeB on WASND utilizing Ms AD/Ms ADAM as main LDAP and main Metadirectory on Ms Cert Server security Public Key infrastructure to comply with Sarbanes Oxley 404 std / ISO 27000 series
  • Delivery of phase one of IS Audit, standards, best practices, technology convention and proposed new technologies roadmap for overall KPMG worldwide Identity and Access Management solutions. Administer compliant policy report, for both segregation of duty rules and role based compliant policy

Confidential

Responsibilities

  • Architecting robust MVPHealthCare Access, Federated Identity Portal integration, mainly responsible for analysis, design, problem gathering, risk assessment Solution Architecture SAD phase
  • Design and develop automated ITDI Assembly line to facilitate single sign on access to multiple healthcare websites for internal external users MVPHealthCare, IBM Net Benefit, and WebMD . The TDI solution was required to pull custom attributes from Sybase on AIX for 80,000 users and map to TAMeB LDAP to be exported to Federated Identity Management using SAML WS-Federation SAML and IBM Websphere Portal repository
  • Build integration implementation amongst TDI, Sybase, TFIM, WebSeal/TAMeb and IBM Websphere Portal
  • Responsible for Testing, quality assurance, documentation, training and skill transfer
  • Supervise SAML 2.0 Security standard/deployment, risk identification, vulnerability-penetration test, quality assurance for initial go live HIPAA compliant

Confidential

Responsibilities

  • Architecting enterprise-wide identity access solution using Tivoli Identity Manager 4.6 integrated with Tivoli Access Manager for OS 5.1, Tivoli Directory Integrator 6.0, TAMeB/IBM WPS portal, Siebel with adapters for AIX, Solaris, Linux, HPUX, Ms AD Exchange 2003, Oracle DB and Oracle Apps 11i.
  • Integrate Identity Access Management Solution with RSA CA Keon, RSA remote access Server and IBM Key Manager Trust Store/Key Store Management as Mobily's Public Key infrastructure PKI Backbone to comply with BS7799 security standard. Most of SSL Handshake Trust decision is provided by IBM Trust Manager IBMX509 Trust Manager, IBMPKIX and for Application wise Key Manager is IBMX509KeyManager.
  • Deliver IT Audit, Risk Assessment, vulnerability test, Security spec standard POC for Oracle identity Manager Thor , Oracle Access Manager Coreid and RSA ClearTrust for several sub department in Mobily that use SAP/ABAP ERP/Siebel to comply with British security standard: BS7799
  • Design Directory Information Tree on ITDS LDAP and OID for integration of ITAMOS 5.1, TAMeB and ITIM 4.6
  • Deliver System Architecture, LLD Low Level Design for TIM 4.6.0 and TAMOS 5.1, Design Metadirectory Solution on a heterogeneous and complex back end system. This include risk management, vulnerability and penetration test, and quality assurance compliant
  • Design Org Tree, Proposed RBAC Role Based Access Control Roles Group, Domain Administration, ACI Access Control Information , Provisioning/Service Selection/password/Identity Policies, Workflow and HR Data Feed for Mobily Business Requirement
